
Should I format my HD and reinstall?

Discussion in 'Windows XP' started by Michael S., Nov 1, 2003.

Thread Status:
Not open for further replies.
  1. Michael S.

    Michael S. Thread Starter

    Joined:
    Jun 20, 2003
    Messages:
    177
    I am giving up. I have a virus I cannot read, I bought new McAfee VirusScan Online today. My account seems OK, went to Guest Account, default for WinXP. That is still infected, McAfee, Stinger, Lavasoft products cannot see it.

    My teacher said I should look in the Help Files, for "command Line". That is a little too much for me to learn right now!

    I have more than one program that I cannot uninstall. I am losing track of cumulative problems. Now, I am thinking that formatting - erasing everything from my HD - might be an answer. [1] Gets rid of the prob? [2] Speeds up my system, by getting rid of unnecessary crap.

    Logfile of HijackThis v1.97.3
    Scan saved at 21:42:25, on 10/31/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\system32\cidaemon.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\McAfee.com\MPS\mscifapp.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\minimavis.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\McAfee.com\Secure IE\SecureIE.exe
    C:\Documents and Settings\Michael Lawrence\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Personal Coach.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Download File - C:\Program Files\McAfee.com\Secure IE\Scripts\AddToTransferQueue.htm
    O8 - Extra context menu item: &Highlight - C:\Program Files\McAfee.com\Secure IE\Scripts\highlight.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Zoom &In - C:\Program Files\McAfee.com\Secure IE\Scripts\zoomin.htm
    O8 - Extra context menu item: Zoom O&ut - C:\Program Files\McAfee.com\Secure IE\Scripts\zoomout.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - file://C:\Program Files\AutoCAD 2002\SysVerChk.ocx
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37919.605150463
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

    Please help, I also have an EasyCleaner logfile of my registry:



    Michael S.
     
  2. scmazter

    scmazter

    Joined:
    Oct 5, 2003
    Messages:
    557
    Umm, well how do you know if it's a virus? Well, if it is, start windows in safe mode with networking and scan your comp with housecall located here: http://housecall.trendmicro.com and if it turns up with something remove it, using removing instructions @ trendmicro.
     
  3. Michael S.

    Michael S. Thread Starter

    Joined:
    Jun 20, 2003
    Messages:
    177
    Quote:
    "start windows in fase mode and scan your comp with housecall located here: http://housecall.trendmicro.com and if it turns up with something remove it, using removing instructions @ trendmicro."
    End Quote:

    You meant "safe mode", correct?
     
  4. Michael S.

    Michael S. Thread Starter

    Joined:
    Jun 20, 2003
    Messages:
    177
    I know it is a virus because it "reinitializes" my McAfee Security System, by disabling the program. Then it tends to start removing tasks and major groups of files. Like Restoring/Maximizing a window, Removing all of the Help Files, rendering exiting a window unusable, blacking out the status bar, start menu and et cetera.
     
  5. Spiritwalker

    Spiritwalker

    Joined:
    Sep 28, 2003
    Messages:
    175
    BCMSMMSG.exe is spyware
    DSentry.exe is a trojan
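
Added example, not part of any post in this thread: a small Python triage helper that looks up a file name in a HijackThis log, shows where it is running from and which Run value starts it, and lists processes that were running on 10/31/2003 but not on 11/6/2003. The function names are illustrative and the embedded logs are trimmed subsets of the two logs posted in the thread; the output is context for checking a claim about a file, not a verdict on it.

```python
import ntpath
import re

# Constructed sample: lines copied from the 10/31/2003 HijackThis log in the
# first post, trimmed to a subset.
LOG_OCT31 = r"""Logfile of HijackThis v1.97.3
Scan saved at 21:42:25, on 10/31/2003

Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\MPS\mscifapp.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
"""

# Constructed sample: running-process lines copied from the 11/6/2003 log.
LOG_NOV06 = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
"""

# "O4 - HKLM\..\Run: [ValueName] command line" (registry autoruns only;
# "Global Startup" shortcut lines are not matched).
RUN_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')
# Executable part of a command line. The lookahead keeps a directory such as
# "McAfee.com\" from being mistaken for the end of the image path.
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr))(?=["\s]|$)', re.I)


def running_processes(log):
    """Return the paths listed under 'Running processes:'."""
    procs, in_section = [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section and not line:
            break
        elif in_section:
            procs.append(line)
    return procs


def autoruns(log):
    """Return one dict per O4 registry Run entry."""
    found = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        img = IMAGE_RE.match(command)
        image = img.group(1) if img else command
        # A bare file name is resolved through the search path at logon,
        # so the log alone does not say which copy on disk is started.
        found.append({"hive": hive, "key": key, "name": name,
                      "image": image, "has_path": "\\" in image})
    return found


def triage(log, filename):
    """Collect what the log says about one executable name."""
    want = filename.lower()
    return {
        "running_from": [p for p in running_processes(log)
                         if ntpath.basename(p).lower() == want],
        "autoruns": [a for a in autoruns(log)
                     if ntpath.basename(a["image"]).lower() == want],
    }


def stopped_between(older, newer):
    """Names running in the older log but absent from the newer one.

    Compared by file name because the logs mix long and 8.3 short paths
    for the same file, so a full-path comparison would report false changes.
    """
    def names(log):
        return {ntpath.basename(p).lower() for p in running_processes(log)}
    return sorted(names(older) - names(newer))


if __name__ == "__main__":
    for name in ("BCMSMMSG.exe", "DSentry.exe"):
        print(name, triage(LOG_OCT31, name))
    print("no longer running on 11/6:", stopped_between(LOG_OCT31, LOG_NOV06))
```

The folder a file runs from and the Run value that starts it are the details to compare against the vendor's own documentation before deleting anything.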
     
  6. scmazter

    scmazter

    Joined:
    Oct 5, 2003
    Messages:
    557
    Ooooopsy, thanks Michael S.
     
  7. Michael S.

    Michael S. Thread Starter

    Joined:
    Jun 20, 2003
    Messages:
    177
    O.K., I went to the web site, My Computer doesn't show what I believe I was told should appear, maybe I didn't understand well enough. Even so, I appear to be LOSING THE POWER AND/OR ABILITY TO COMMUNICATE.

    I cannot refresh any screen; a half hour ago, I had super speed, now I am a snail!!!
     
  8. scmazter

    scmazter

    Joined:
    Oct 5, 2003
    Messages:
    557
    Errr, are you sure you were in SAFE MODE WITH NETWORKING? (I know I put networking in just now, but lol i forgot 2 mention that earlier), because some viruses stop you from going 2 anti-virus sites.
     
  9. Michael S.

    Michael S. Thread Starter

    Joined:
    Jun 20, 2003
    Messages:
    177
    O.K., I am scared of doing things that I don't know much about.
    Safe is done how?
    CTRL+ALT+DEL, then when startup runs I press DEL to run Setup?
    Am I right?
     
  10. scmazter

    scmazter

    Joined:
    Oct 5, 2003
    Messages:
    557
    Ahh sorry, I'm not thinking 4 dimensionally again (LOL), when your computer starts up, just before it displays windows XP logo, press f9, and use arrow keys 2 navigate, and choose "Safe Mode with Networking" and press enter.
     
  11. Michael S.

    Michael S. Thread Starter

    Joined:
    Jun 20, 2003
    Messages:
    177
    At startup F9 does not do a thing, for a menu to choose how my system starts.
     
  12. scmazter

    scmazter

    Joined:
    Oct 5, 2003
    Messages:
    557
    Umm, the trick is to press f9 with the speed of light, start about 10 seconds before the windows XP logo comes on at startup (with the green things going through the bar).
     
  13. KeithKman

    KeithKman

    Joined:
    Dec 28, 2002
    Messages:
    1,983
    Do this in order:

    1) Open Internet Explorer -> Tools -> Internet Options -> delete cookies, delete files (select off-line content), clear history. Then click ok and exit Internet Explorer.


    2) Read http://tomcoyote.org/SPYBOT/index1.html then download and run SpyBot. Make sure to get the updates for SpyBot before you have it scan your computer. After you scan and remove anything SpyBot finds, make sure to click the Immunize button followed by OK and then click the Immunize button in the right pane.


    3) Run two of the following free online Anti-Virus scans here:

    http://housecall.trendmicro.com - I found this to work the best.

    http://security.symantec.com/default.asp?

    http://www.pandasoftware.com/activescan

    http://www.ravantivirus.com/scan


    4) Run:
    http://www.anti-trojan.net/en/onlinecheck.aspx
    (site might be slow, just be patient.)


    5) RePost a fresh HiJackThis log.
     
  14. Michael S.

    Michael S. Thread Starter

    Joined:
    Jun 20, 2003
    Messages:
    177
    Keith:
    Thank You for the help

    This would not run, failed on reading my IP Address
    http://www.anti-trojan.net/en/onlinecheck.aspx

    Inserting NEW HIJACK!

    Logfile of HijackThis v1.97.3
    Scan saved at 21:44:36, on 11/6/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\cisvc.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\McAfee.com\Secure IE\SecureIE.exe
    C:\Documents and Settings\Michael Lawrence\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Personal Coach.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Download File - C:\Program Files\McAfee.com\Secure IE\Scripts\AddToTransferQueue.htm
    O8 - Extra context menu item: &Highlight - C:\Program Files\McAfee.com\Secure IE\Scripts\highlight.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Zoom &In - C:\Program Files\McAfee.com\Secure IE\Scripts\zoomin.htm
    O8 - Extra context menu item: Zoom O&ut - C:\Program Files\McAfee.com\Secure IE\Scripts\zoomout.htm
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .tiff: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - file://C:\Program Files\AutoCAD 2002\SysVerChk.ocx
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37919.605150463
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by10fd.bay10.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
     
  15. Michael S.

    Michael S. Thread Starter

    Joined:
    Jun 20, 2003
    Messages:
    177
    O.K., this thing acted like a nasty dog biting back. That could be funny if I knew a dog that didn't bite back!
    I used some well-advised programs to look for it, didn't see it.

    I followed instructions:

    [QUOTE}Do this in order:

    1) Open Internet Explorer -> Tools -> Internet Options -> delete cookies, delete files (select off-line content), clear history. Then click ok and exit Internet Explorer.


    2) Read http://tomcoyote.org/SPYBOT/index1.html then download and run SpyBot. Make sure to get the updates for SpyBot before you have it scan your computer. After you scan and remove anything SpyBot finds, make sure to click the Immunize button followed by OK and then click the Immunize button in the right pane.


    3) Run two of the following free online Anti-Virus scans here:

    http://housecall.trendmicro.com - I found this to work the best.

    http://security.symantec.com/default.asp?

    http://www.pandasoftware.com/activescan

    http://www.ravantivirus.com/scan


    4) Run:
    http://www.anti-trojan.net/en/onlinecheck.aspx
    (site might be slow, just be patient.)


    5) RePost a fresh HiJackThis log.
    {END QUOTE}

    After I did all of these things, SecureIE shut down, complaining that a non-running office application needed configuration or something.
     

Short URL to this thread: https://techguy.org/176085